651 | 7.8 | HIGH, Local | luxion | keyshot keyshot_viewer | Luxion KeyShot Viewer KSP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion Key… | CWE-416 Use After Free | CVE-2024-30375 | 2024-09-26 23:24 | 2024-06-7
652 | 7.8 | HIGH, Local | luxion | keyshot keyshot_viewer | Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxio… | CWE-787 Out-of-bounds Write | CVE-2024-30374 | 2024-09-26 23:22 | 2024-06-7
653 | 8.8 | HIGH, Network | volkov | wp_accessibility_helper | Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH). This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.5. | CWE-862 Missing Authorization | CVE-2024-31423 | 2024-09-26 23:19 | 2024-06-10
654 | 9.8 | CRITICAL, Network | oracle | e-business_suite | Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vul… | CWE-306 Missing Authentication for Critical Function | CVE-2022-21587 | 2024-09-26 23:16 | 2022-10-19
655 | 6.4 | MEDIUM, Network | - | - | The Themedy Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themedy_col, themedy_social_link, themedy_alertbox, and themedy_pullleft shortcodes in all versi… | CWE-79 Cross-site Scripting | CVE-2024-9177 | 2024-09-26 23:15 | 2024-09-26
656 | - | | - | - | IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device. | CWE-256 Plaintext Storage of a Password | CVE-2024-31899 | 2024-09-26 23:15 | 2024-09-26
657 | 4.4 | MEDIUM, Network | - | - | IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 stores user credentials in a log file in plain clear text which can be read by a privileged user. | - | CVE-2023-46175 | 2024-09-26 23:15 | 2024-09-26
658 | 9.8 | CRITICAL, Network | oracle | access_manager | Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily explo… | NVD-CWE-Other | CVE-2021-35587 | 2024-09-26 23:13 | 2022-01-19
659 | 8.8 | HIGH, Network | djl | deep_java_library | A TarSlip vulnerability exists in the deepjavalibrary/djl, affecting version 0.26.0 and fixed in version 0.27.0. This vulnerability allows an attacker to manipulate file paths within tar archives to … | CWE-22 Path Traversal | CVE-2024-2914 | 2024-09-26 23:12 | 2024-06-7
660 | 9.8 | CRITICAL, Network | 3rdmill | novi_survey | Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data. | CWE-94 Code Injection | CVE-2023-29492 | 2024-09-26 23:10 | 2023-04-11